Back

CVE-2024-43776

Sept. 2, 2024, 5:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Easytest Online Test Platform

  • 24E01 and earlier

Source

ART@zuso.ai

Tags

CWE-89
ART@zuso.ai
2024-09-02
CVE-2024-43776

CVE-2024-43776 details

Published : Sept. 2, 2024, 5:15 a.m.
Last Modified : Sept. 2, 2024, 5:15 a.m.

Description

SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

URL Source
https://zuso.ai/advisory/za-2024-09 ART@zuso.ai
This website uses the NVD API, but is not approved or certified by it.